SSH tools related to the OpenSSL/Debian vulnerability

About these tools

We (Raphaël Rigo, Romain Raboin and Julien Tinnes) gave a short talk at SSTIC 08 about some of the tools we and Yoann Guillot wrote after the OpenSSL/Debian advisory to
remotely discover vulnerable keys in authorized_keys files, decipher SSH traffic and retrieve DSA private keys (even from non weak keys). We also wrote an article in french in this MISC issue.

For now we have disclosed the following tools (we might add other tools soon):

ssh_kex_keygen: a tool to retrieve the Diffie-Hellman session key in a SSH conversation capture involving at least one OpenSSH running with a vulnerable OpenSSL. Key recovery will take half a minute on decent hardware.

Be aware that this tool does'nt parse a pcap file, nor does it decipher the traffic for you, it has to be used in a higher-level program such as ssh_decoder in order to be useful.

ssh_decoder: a tool to decipher a ssh session from a pcap file (uses ssh_kex_keygen). This will allow you to retrieve passwords or public SSH keys used for authentication that may be vulnerable and to read older SSH traffic.

bfssh: a multi-threaded tool written in C to retrieve weak keys in authorized_keys files on a remote machine. It'll test for all possible keys for a given architecture in less than five minutes on a decent network. You'll need a vulnerable libssl/libcrypto and libssh to compile/use it.